Configuring transfer user accounts for Watch Folders

Watch Folder services must be run under a user with access to every area of your file system in which you intend to create a Watch Folder. You can run multiple instances of these services under different users; however, most deployments run these services under one user. Choose a user that has access to your entire file system. For information about creating users, see Setting up users.

If you need to run multiple instances of these services to access every area of your file system, see Choosing user accounts to run Watch Folder services.

Docroots and path restrictions limit the area of a file system or object storage to which the user has access. Users can create Watch Folders and Watch services on files or objects only within their docroot or restriction.

Docroots can be set up in the GUI or command line. In the GUI, click Configuration > Users > username > Docroot and set the permitted path as the value for Absolute Path. To set up a docroot from the command line, run the following command:

> asconfigurator -x "set_user_data;user_name,username;absolute,docroot"

Restrictions must be set from the command line:

> asconfigurator -x "set_user_data;user_name,username;file_restriction,|path"

The restriction path format depends on the type of storage. In the following examples, the restriction allows access to the entire storage; specify a bucket or path to limit access.

Storage Type	Format Example
local storage	For Unix-like OS: specific folder: file:////folder/* drive root: file:////* For Windows OS: specific folder: file:///c%3A/folder/* drive root: file:///c*
Amazon S3 and IBM Cloud Object Storage - S3	s3://*
Azure	azu://*
Azure Files	azure-files://*
Alibaba Cloud	oss://*
Google Cloud	gs://*

With a docroot or restriction setup, the user is now an Aspera® transfer user. Restart the Aspera Node Service to activate your change:

Open Search from the taskbar and type Services, click IBM Aspera NodeD, and click Restart.